Below The Surface S1E11
00:00:10] Hello and welcome to this episode of Below the Surface. I’m your host Darshna and here is my co-host, Stephanie Cogliano. Stephanie.
[00:00:21] Darshna, hello and hello to you all. It’s a new year, we’ve got a new episode of Below the Surface. So how are you feeling, Darshana? You ready?
[00:00:30] I cannot wait. One hundred percent ready for a show of the year and we are starting with a bang. Cannot wait to bring on our guest for today.
[00:00:39] So 20, 20 was unique, I think, to put it very nice. Definitely, I feel I must ask you the obligatory question.
[00:00:48] Did you set any intentions or resolutions as we move into twenty twenty one?
[00:00:53] Oh, and apart from like the usual of staying healthy, keeping fit. And one of the ones while it was lost is one innovative thing put on hold. So one is to go skydiving. It’s definitely a kind of a bucket list thing to make this. That’s one thing. And then the other is a bit of a competitive one is between friend. And I was saying he can do the most steps this year. So nothing like a bit of competition to get you exercising for sure.
[00:01:24] That’s exciting. While skydiving, I sure hope you get the opportunity. I mean, you don’t really get much more socially distance than that, right?
[00:01:32] Yeah. Apart from obviously I’d have an instructor, so I’m not doing it on my own. That might be something, but yes, fingers crossed. How about you? Any reservations.
[00:01:42] Yeah. So I have a larger goal of sleeping better. So my resolution this year was put down the phone an hour before bedtime.
[00:01:51] No screams at all. I’m reading myself to sleep and it’s working so far.
[00:01:56] It is. So that’s good. I ask what you’re reading the pulpit.
[00:02:00] Yeah. So right now I’m reading a fiction, but they’re called Searcy and it’s a novel about ancient Greece. It’s quite good.
[00:02:09] And that is that is very good before. But a little bit of time. Yeah, I like it. Right. Shall we move on to today’s show.
[00:02:20] Yes. But before we do that, just a quick reminder for everybody tuning in that you can all ask questions in the comments section below or feel free, of course, just to say hello and let us know where you’re tuning in from.
[00:02:31] And also, if you missed any of our shows over the last few months, make sure you go check them out on the Barracuda LinkedIn page.
[00:02:39] Yeah, there’s been some really interesting topics, so moving on to the Today show. One thing we learnt last year with remote working being the new normal, many organisations move to the Cloud to adapt to this new way of working and public Cloud really provide sustainability and support needed in this new world. So with this in mind, Barracuda went and surveyed its decision makers in the United States, Germany, France and the U.K. to capture current attitudes and opinions around the Cloud really interesting topic, especially in the world that we live in today.
[00:03:12] So with that in mind, I would like to introduce Phonon Aaron, our vice president of Viracept Access at Barracuda Networks. Welcome to the show, Phonon.
[00:03:21] It’s Stephanie Hadash, happy belated New Year’s. Glad to be on.
[00:03:26] What was happening is not really great to have you back on with us. You did the last day of the year and the first year, so hopefully a good start to the year. So before we get started on this, could you give us a little bit of information about yourself?
[00:03:43] Sure, happy to a 20 year plus veteran of cyber security, I’ve been on all parts of the cyber security, I would say operational theatre, whether that’s offence, whether that’s defence or independent software vendor side of the equation. And coincidentally, this last week, they shut down an important motivated mailing list called Buck Track. So it’s been it’s been on a good run for 30 years. I found my first job in cybersecurity by sending my first moderated and approved email to about 20 plus years ago. So, you know, DDoS on that for for a 30 year run.
[00:04:19] OK, so before we get started, Sanandaj and I were just talking about our New Year’s resolutions or intentions or even goals. Did you have one that you’d like to share with us?
[00:04:29] Yeah, of course, the usual. But maybe I’ll say it in this terms. Get on the peloton more. Get on the backlog of all the books that I have over the last several resolutions. Finish the backlog, if at all. And I will say finally perhaps attempt that a modified version of my spouse is, what is it called, whole 30 Dietze modified version.
[00:04:51] But yeah, those are my resolutions. Very nice, nice.
[00:04:56] Well, let’s hope we succeed and then moving on to today’s topic, back to recently published a report looking at the current attitudes and opinions about public Cloud, access constraint, security concerns, emerging solutions and a variety of related topics.
[00:05:12] Can you give us a real high level and key learnings from this report?
[00:05:17] Sure. Happy to. So I would say the one that stood out for me, but I’ll start with that one. More than three quarters of organisations that we surveyed are using multicoloured providers such as Amazon Web Services, Microsoft Azure or Google Cloud platform that that one really stood out.
[00:05:35] The other one is expected about more than half, 56 percent of the respondents are struggling to ensure seamless availability and access like an always on access to Cloud applications for the organisations, the branches and their their branch offices and their sites. And also another interesting one, I would say the numbers seemed quite eye opening. It is 70 percent experienced some form of lead to some performance challenges around accessing SAS workloads such as DDoS sixty five. I would say those were the key observations from the survey.
[00:06:09] So one of those that you mentioned just now signed on with that three quarters of the respondents are using multiple providers. Why is that so interesting or shocking? And why do you believe organisations are going to multiply?
[00:06:22] Right. I mean, we always have this thesis and you hear it from Espy’s, like us and analysts and a bunch of start-ups out there that are developing, you know, multi Cloud solutions about orchestration, about security, about conform, about compliance, governance. Right. You hear that because it fits in with the thesis. But to see actually we’re natural sceptics. Right. We take everything that is published by basically, you know, vendors and analysts perhaps pitching the book. Right. But it’s Eye-Opening to see that our customers are organisations out there that are going through digital transformation, confirming this. Right. It’s it’s a brilliant confirmation of the fact that Cloud, B2C, Cloud is real. And then a lot of these customers and organisations are going to the best of breed cloud service provider for the most feting, most optimised use case they might have in mind.
[00:07:22] OK, so thinking about Monty Cloud and where and security and where the security responsibility lies, and we hear about the shared security model so many times and it’s been discussed in various ways over the years, you know, you’ve heard about it, but do you really believe that the understanding is there and that’s leading to the real action around the responsibility?
[00:07:45] I do at this point believe and it seems like our survey confirms to it to the tune of 90 percent plus agrees on the shared responsibility model that the Cloud service providers do basically are responsible for the security of the infrastructure and that the customers, the organisations that are leveraging Cloud service providers are in charge of securing their what they put on on these infrastructures, on these Cloud, on this provider’s right. So there seems to be a clear understanding. However, when it comes to implementation, of course, it’s not that straightforward. The complexity builds up very fast. I like to actually, you know, approach this with an analogy. It’s like playing the piano compared to playing the violin. You hit a key. It makes it sound. It’s very easy to start right. You can start pressing keys. You can come up with a simple tune and they want but the complexity from there and increases exponentially. It gets very complex, very fast. So Cloud is a public Cloud is a little bit like that. Actually, it’s easy to set up a couple workload’s. It’s easy to transform some storage to the public cloud. But when it comes to security, the implementation, the compliance and the governance of your public cloud, the complexity increases faster for understanding is one thing.
[00:08:57] But actually getting it done right in implementation and production is getting super tricky for these organisations.
[00:09:06] So if these organisations are struggling to implement security in the public Cloud, what advice can you give them to help them on this journey?
[00:09:14] Right. I mean, it might sound quite the obvious, but they need to put some guardrails in place, right? Because it’s fast transformation. As I said, it’s easy to start. It’s you know, it’s very easy to access and spin up workloads.
[00:09:29] Then don’t compare to traditional data centre on-premise models. Right. So it is it’s very easy to scale the Cloud, but at the same time, you need to put some guardrails in place because when you’re hit the throttle going full speed forward, you might derail. Right. So I would suggest putting in these guardrails, leveraging solutions that can basically provide secure and Always-On connectivity across multi Cloud rather than leveraging perhaps a, you know, a native solution. That might be one way to do it on Azure. Another way to do it. Well, yes, you can put up these guardrails that can spend across the World Guard. That’s right. You can have a control plane, a security solution, connectivity solution that can bridge multi Cloud. And I think that’s the that’s the way to go forward. Put in good, solid guardrails in place across your Cloud deployment’s.
[00:10:25] So just talked about some of the struggles to implement, but what is the biggest challenge that challenges that people are facing? Organisations are facing one when moving to the Cloud and then actually staying there.
[00:10:36] Right. I mean, it’s always been around security, but then we also quickly find out connectivity, always on connectivity being an important challenge. Right. We always had the intuition that securing these new environments is going to be different. Know the traditional data centre or On-premise Enterprise Network with a DMZ, with a firewall at the front end is kind of the rest of the network. It’s been well understood, right? It’s been at least the demarcations are there. It’s easy to segment. It’s easy to secure. At least that’s what we learnt over the last 20, 30 years. Right. But now, if you have these distributed sites, you know, everything being decentralised, there’s not a strict notion of a corporate perimeter there for security always to become very challenging, but also having these sites connect to each other, to users. Now we’re all working from home, still on their shelter in place, lock down regimes all over the world. So connecting users devices, in some cases, gadgets to these to these Cloud service provider basically back the infrastructure back to sites remains to be a challenge.
[00:11:43] But also, I want to add quickly, is also building in-house expertise. Right. There is actually a lot of commonality between Cloud service providers. However, also, there’s a lot of expertise that you need to build specifically for, say, Azure or Safieh with us. So being able to implement robust orchestration put in for your infrastructure in place as a steep learning curve. But there are promising developments, immutable infrastructure. The new paradigm behind getups is helping, I would say, transform this the space.
[00:12:20] So, of course, there’s the migration which you just talked about, right, the actual moving to the Cloud, but then there’s the operational phase. So what are some of the constraints that these organisations are facing when it comes to Cloud access once they’re there?
[00:12:33] Right. As I touched on, I would say always on connectivity, right. Connecting these infrastructure sites. In some cases, they’re called availability zones. Right. You might have multiple vignettes and you might have multiple pieces. You might have many of those in multiple Cloud environments. So connecting to those things together, having a robust transit between those, having a connective tissue, essentially that’s that’s always on robust and and actually improves performance. It’s been has been a challenge. Once you get up there to make sure you have you have that in place. But on top of that, of course, you need to connect your users and your devices that might be travelling, that might be working from home, making sure they have good quality of service.
[00:13:21] You have seamless connectivity to these remote sites and branches, of course, also put the robust security goals around who can access what in the context.
[00:13:34] Essentially, doing this for users and devices is one thing, but also extends to services and gadgets. Those are headless. You cannot enforce things like Two-Factor ID multifactor authentication. So you have to also securely connect these gadgets into these distributed sites. So that’s a challenging task, but that’s the direction we’re headed. I would say the most encouraging thing that I see in the field is that everything is now being always on connectivity enabled by identity. And I think that’s becoming a very transformational shift in how we think about accessing what or who accessed what, what kind of device have access rights into the network.
[00:14:14] All of these now are being kind of coalesced and reformed around the concept of identity, user identity, device, identity service, identity, gadget identity. And the list goes on.
[00:14:27] OK, so I mean, you’ve mentioned it already around and moving to the Cloud is a bit like pressing some of the keys on a piano. It’s easy to do. It’s relatively quick. Why do so many organisations face a variety of hurdles once they are there?
[00:14:43] Right, I mean, increasing complexity, right? It’s easy to start off, but then again, you know, it’s also easy to expose your workload’s to, let’s say, AIX permission issues.
[00:14:58] Right. You can have overly permissive access to your storage environment, to your workload’s. You’re developing applications at breakneck speed. You know, they might have vulnerabilities. It’s easy to ship, you know, always continuous integration, continuous development. All these concepts make you basically do releases sometimes several times on a daily basis. And that can also expose your Cloud workloads to a lot of weaknesses. But the cloud providers themselves has known pitfalls. If you’re not really on top of, you know, having deep knowledge about the environment you’re in, you know, it’s easy to kind of use the complexity, kind of expose your network and expose your workloads, you know, in a way that it could lead to data breaches and breaches and then lateral movement further into the network. Yeah, I mean, I would do it again, putting in guardrails is key here.
[00:15:56] Yeah, I’d love for you to double click on on some of the some of the advice that you would give to organisations facing these connectivity issues. I mean, no doubt the Cloud is allowing for rapid expansion and accessibility, but the security concerns are going to come with it.
[00:16:11] So what would you suggest to organisations who might be experiencing some of those connectivity challenges?
[00:16:18] But I would say there are a great set of Estevan offerings, one one like the one that Barracuda offers on the declaration portfolio, these these solutions from 30 cents vs Texas descent and Bruch to site connectivity challenges.
[00:16:33] But also we’re seeing this transformation in remote access moving away from Legacy DPN. It traditionally had this appliance, whether it’s a hardware box or some sort of effect, pvm monolithic Fetim that sits on the edge of the network where you concentrate. Older users were moving away from that to more physiatrist network access model. Right. So connecting sites through the event, creating that connective tissue and then bringing your users and your devices to that connective tissue to zero trust network access. I mean, going forward, I think a recipe you can you can refer to as assessment’s kind of the convergence of all of these solutions together. Estevan in one side, Xtina zero trust network access on the other side. And of course, in order to give your users always on security on-premise always connectivity, you have to pull in the secure gateway ÀNGEL, the web threats, protection against Web threats, protection against email, threats to all of them, converging into what some like referred to as Sassi as a as a solution forward to solve all these specific challenges.
[00:17:41] So you just mentioned SD-Wan. So what role do Cloud providers play when it comes to SD-Wan solutions?
[00:17:50] Right. I mean, I would say native integration with some of these proven, you know, solution providers is critical here. The the better integration with with the capabilities and the features of the particular Cloud service provider, I think will give the customers the best performance, the best quality of service and the most robust security.
[00:18:16] So I would say Cloud need of integration, which whichever service provider you might be using leveraging is I think is a critical decision when it comes to choosing an active and solution.
[00:18:30] Really interesting findings. Thanks so much for coming on and sharing your thoughts on this. And I encourage all of our viewers today to go ahead and download this report. You can find it on the Barracuda LinkedIn page. Synon, any final thoughts before we let you go today?
[00:18:46] I mean, I would say overall, it’s very exciting times. The speed of innovation and public Cloud has been has been terrific, which offers a lot of new opportunities for businesses like ours. But at the same time, I would say it’s a new and exciting career opportunities for individuals. Right. So this digital transformation shifting from data centres and on-premise legacy computing environments, compute storage on network environments to cloud service providers, definitely will bring in a new workforce and I would say transform both organisations, but also the talent pool that we have. I think I think it’s a tremendously exciting, exciting time to be in the space.
[00:19:28] Thank you so much, Synon. It’s been really a great pleasure having you on and talking us through the report and the findings and also how organisations can actually use those findings to help them on their journey when it comes to public Cloud. Thank you very much for joining us.
[00:19:43] Thank you. My pleasure.
[00:19:46] All right, everyone, remember, you can watch all of our LinkedIn live shows directly from the Barracuda LinkedIn page. And for now, all that’s left to say is until next time. Have a safe journey.